"The following OEMs equip some of their laptop series with SD card readers manufactured by Realtek:
- Dell
- HP
- Lenovo
- MSI
The list may be incomplete. Basically, if your laptop or desktop has a card reader managed by RtsPer.sys, make sure that the driver is up to date."
...
"The version of RtsPer.sys that is free from all these vulnerabilities is 10.0.26100.21374 or higher."
The article goes into depth and shows proof of concept for the following:
- CVE-2022-25477: leaking driver logs
- CVE-2022-25478: accessing PCI config space
- CVE-2022-25479: leaking kernel pool and stack
- CVE-2022-25480: writing beyond IRP::SystemBuffer
- CVE-2024-40432: writing beyond IRP::SystemBuffer
- CVE-2024-40431: writing to arbitrary kernel address
"The following OEMs equip some of their laptop series with SD card readers manufactured by Realtek:
- Dell
- HP
- Lenovo
- MSI
The list may be incomplete. Basically, if your laptop or desktop has a card reader managed by RtsPer.sys, make sure that the driver is up to date."
...
"The version of RtsPer.sys that is free from all these vulnerabilities is 10.0.26100.21374 or higher."
The article goes into depth and shows proof of concept for the following:
- CVE-2022-25477: leaking driver logs
- CVE-2022-25478: accessing PCI config space
- CVE-2022-25479: leaking kernel pool and stack
- CVE-2022-25480: writing beyond IRP::SystemBuffer
- CVE-2024-40432: writing beyond IRP::SystemBuffer
- CVE-2024-40431: writing to arbitrary kernel address